Phishing: Difference between revisions

From Citizendium
imported>Anton Sweeney
m (→‎Method: change caption, resize)
imported>Anton Sweeney
(→‎Method: Expand)


While many of these mails will be caught by [[spam filter]]s and other protections, some will make it through to the mailboxes of people who have accounts with the target financial institution.  A person clicking on one of the links contained in the email will be brought not to the financial institution's website, but to the fake one that has previously been set up.  If the mail recipient does not notice that they are at a fake site and enters their credentials, the fake site will record these details.  The fraudsters can then access the account themselves and empty it of funds.
The image to the right shows one such typical email.  The example represents a relatively poor attempt at a phishing mail.  Notice the lack of an entry in the "To:" field of the email; lack of a personalised greeting; and the very unclear (and ungrammatical) reason stating why the person's details are required: ''"<website> cam shows We must properly verify your account again."''  The faked logo is used only once.  Phishing mails can often be far more sophisticated.


==References==

Revision as of 05:37, 5 September 2007

Phishing is the computer industry term used to describe a type of fraud in which the victim is encouraged to divulge personal confidential information, such as an account username and password for an online banking or financial service. The term, with its unusual spelling, derives from the associated but older term phreaking, which refers to hacking into telephone systems.

A typical phishing attempt uses social engineering techniques to prey on the fears of uninformed users of online financial systems. By tricking such users into divulging their account credentials, the fraudsters can then access the compromised accounts and transfer the funds therein to a holding account, which will then be quickly emptied.

Method

Screenshot of a typical phishing email purporting to be from PayPal. The sender's address has been faked.

The fraudsters will first set up a website designed to mimic that of their target financial institution. Then, using a bot network or other similar means, they will send a carefully constructed email to a massive number of recipients. The email will use copied logos, embedded in the mail, to give the appearance that it is coming from the financial institution in question.

While many of these mails will be caught by spam filters and other protections, some will make it through to the mailboxes of people who have accounts with the target financial institution. A person clicking on one of the links contained in the email will be brought not to the financial institution's website, but to the fake one that has previously been set up. If the mail recipient does not notice that they are at a fake site and enters their credentials, the fake site will record these details. The fraudsters can then access the account themselves and empty it of funds.

The image to the right shows one such typical email. The example represents a relatively poor attempt at a phishing mail. Notice the empty "To:" field of the email; the lack of a personalised greeting; and the very unclear (and ungrammatical) explanation of why the person's details are required: "<website> cam shows We must properly verify your account again." The faked logo is used only once. Phishing mails can often be far more sophisticated.
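The indicators the section names (an empty "To:" field, a generic greeting, a forged sender address, and links that lead to a fake site rather than the institution's own) can be turned into a simple triage check on the receiving side. The following script is an added example written for this page, not code from the Citizendium article: it parses two constructed messages with Python's standard `email` and `html.parser` modules and reports which indicators each one trips. The sender, recipient and host names (`example-bank.test`, `evil-host.test`, and so on) are placeholders, and the "last two labels" domain reduction is a deliberate simplification; a production tool would use the public suffix list.

```python
"""Heuristic phishing triage based on the indicators described in the article.

Added example (not the article's code). Checks a raw RFC 822 message for:
  1. an empty or missing "To:" header,
  2. a generic greeting instead of a personalised one,
  3. a From domain that does not match the Return-Path domain,
  4. links whose real destination differs from the sender's domain or from
     the address shown in the link text.
"""
import re
from email import message_from_string
from email.message import Message
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a crude phishing mail modelled on the one the article describes.
PHISH_EML = """\
From: "Example Bank" <service@example-bank.test>
Return-Path: <bounce@mailer.evil-host.test>
Subject: Verify your account
Content-Type: text/html; charset=utf-8

<html><body>
<p>Dear customer,</p>
<p>cam shows We must properly verify your account again.</p>
<p><a href="http://login.evil-host.test/verify">https://www.example-bank.test/login</a></p>
</body></html>
"""

# Constructed sample: a legitimate-looking notice from the same (placeholder) bank.
BENIGN_EML = """\
From: "Example Bank" <service@example-bank.test>
Return-Path: <bounce@example-bank.test>
To: Jane Smith <jane@example.test>
Subject: Your monthly statement
Content-Type: text/html; charset=utf-8

<html><body>
<p>Dear Jane Smith,</p>
<p>Your statement is at <a href="https://www.example-bank.test/statements">https://www.example-bank.test/statements</a>.</p>
</body></html>
"""

GREETING_RE = re.compile(r"\b(dear|hello|hi)\s+(customer|user|member|client|valued)\b", re.I)


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def html_body(msg: Message) -> str:
    """Return the decoded text/html part (first one found), or an empty string."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    for part in parts:
        if part.get_content_type() == "text/html":
            return part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace")
    return ""


def registered_domain(host: str) -> str:
    """Simplified: keep the last two labels (assumption; real code uses the public suffix list)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def address_domain(header_value: str) -> str:
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def analyse(raw: str) -> dict:
    """Return the list of tripped indicators and a score equal to their count."""
    msg = message_from_string(raw)
    findings = []
    if not (msg.get("To") or "").strip():
        findings.append("empty To: header")
    body = html_body(msg)
    if GREETING_RE.search(re.sub(r"<[^>]+>", " ", body)):
        findings.append("generic greeting")
    from_dom = address_domain(msg.get("From"))
    rp_dom = address_domain(msg.get("Return-Path"))
    if from_dom and rp_dom and registered_domain(from_dom) != registered_domain(rp_dom):
        findings.append(f"From domain {from_dom} differs from Return-Path domain {rp_dom}")
    collector = LinkCollector()
    collector.feed(body)
    for href, shown in collector.links:
        target = registered_domain(urlparse(href).hostname or "")
        if from_dom and target != registered_domain(from_dom):
            findings.append(f"link to {target} while sender claims {from_dom}")
        shown_host = urlparse(shown).hostname if shown.startswith(("http://", "https://")) else None
        if shown_host and registered_domain(shown_host) != target:
            findings.append(f"link text shows {shown_host} but points to {target}")
    return {"findings": findings, "score": len(findings)}


if __name__ == "__main__":
    for name, eml in (("phish", PHISH_EML), ("benign", BENIGN_EML)):
        result = analyse(eml)
        print(f"{name}: score {result['score']}")
        for line in result["findings"]:
            print("  -", line)
```

The phishing sample trips all five checks (the link counts twice: it points away from the claimed sender and its visible text disagrees with its destination), while the benign statement notice scores zero. The score is only a triage aid: a well-crafted mail can carry a personalised greeting and a correctly filled "To:" field, so the link and sender-domain checks carry more weight in practice.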

References